How to Run a Provably-Fair Giveaway: A Step-by-Step Guide for Operators

You ran a giveaway. You collected the entries, you picked a winner, and you posted the name. Within minutes the replies arrive: "rigged," "my cousin won again," "how do we know it's real?" Here is the uncomfortable part — you were honest, and it does not matter. The problem was never your integrity. The problem is that nobody but you can check the result. You chose a winner in private and announced it after the fact, which is exactly what someone rigging a draw would also do. This guide is about closing that gap: running a giveaway your audience can verify for themselves, without taking your word for anything.

Why the usual methods fall short

Most ways of picking a winner share one flaw — the result is decided somewhere no one else can see, and the audience is simply asked to trust it. The common options each fail the same test:

• "We picked a winner." A manual choice leaves no record and no auditable randomness. You could have chosen anyone. Under UK advertising rules a manual pick is only defensible if a demonstrably independent observer oversaw it.
• Screenshots and screen recordings. Trivially staged, cropped, or re-shot until the right name appears — and even an honest one proves nothing about how the name was actually selected.
• Comment-picker apps and wheel spinners. Convenient, but the seed lives on someone else's server. The operator, or the app, can re-roll until the result suits them. You are still asking the audience to trust a black box.
• Google's "pick a random number" or your own script. Not committed in advance and not reproducible. You ran it privately, and no third party can re-derive the output to confirm it.

Strip these down and the defect is identical: the result is produced in private and revealed afterward. Nothing in the process stops it from being rigged — or, just as damaging, from looking rigged to a sceptical audience.

What makes a draw genuinely verifiable

A draw is verifiable when trust no longer rests on your word — when a stranger can reproduce the result and arrive at the same winner. That requires four things to be true:

• A fixed, committed entry list. Eligibility, dates, and deduplication are defined before entries close, and the list is frozen so it cannot be quietly edited later.
• Randomness no one running the draw controls. Not a private seed you generate — a public source you cannot choose, predict, or fake.
• A reproducible result. The winner is derived deterministically from the frozen list plus that public randomness, by a method anyone can run.
• A public record. Anyone can recompute the outcome later from the same inputs and get the same winner.

When all four hold, "rigged" stops being an accusation you have to argue against and becomes something anyone can simply check.

How to run one, step by step

1. Publish the rules before entries open

State plainly what counts as an entry, who is eligible, the closing date, and how and when the winner is chosen and announced. UK advertising guidance from the ASA expects terms that are clear and accessible at the moment of entry — not retrofitted once someone complains. Getting this right up front also defines the entry list you are about to freeze.

2. Collect and freeze the entries

When entries close, export the full list and deduplicate it — one entry per person, by whatever identifier fits the platform. Then lock it. The key move is to publish a hash of the frozen list: a short, tamper-evident fingerprint. Change a single entry afterward and the fingerprint no longer matches, so everyone can confirm the list you drew from is the list you committed. Tools exist to pull and clean entries from comments for exactly this purpose — see this walkthrough on picking a winner from comments.

3. Pick with a method that is random and reproducible

This is the step that separates a verifiable draw from a black box. Commit the frozen list to a future moment of public randomness, then derive the winner from the list plus that random value. A public randomness beacon such as drand is built for this — it publishes a fresh, jointly-produced random value on a fixed schedule, and no single party can predict or bias it. Use that value to seed a published shuffle, such as Fisher–Yates, and read off the winner. Because the round has not happened yet at the moment you commit, you cannot grind through outcomes looking for a favourable one. The randomness arrives after your choice is locked.

4. Announce transparently

Post the winner alongside a verification link — not just the name. The link should show the committed entry list, the randomness round used, the formula, and the winning index, so any entrant can follow the same path to the same result. An announcement that includes the means to check it is the entire point; a name on its own is what you started with.

5. Keep the records

Retain the entry list, its hash, the randomness round, and the result. UK guidance on prize winners expects you to be able to show the winner was selected by chance and that prizes are actually awarded, normally within 30 days. A permanent, reproducible record is the cleanest evidence you can offer if anyone ever asks.

A brief note on the rules

Verifiability is the hard part, but a few compliance points are worth keeping straight, and they are not onerous.

• Advertising rules. Your terms must be clear, accessible at entry, and state how and when winners are chosen and notified. Winners must be selected by the laws of chance. Crucially, the ASA requires a manual pick to be overseen by a demonstrably independent observer — unless you use a computer process that produces verifiably random results, with evidence. A provably-fair, reproducible draw satisfies that path directly, which an ASA ruling on retainable terms and verifiable selection has reinforced.
• Platform rules. Instagram and Facebook require official rules and an acknowledgement that the platform does not sponsor or endorse your promotion. Do not imply the platform runs the draw. X prohibits multi-account entry. These are house rules, not optional.
• Paid entry is a different animal. If entry is paid and winners are random, under the Gambling Act 2005 you are likely running an unlawful lottery. Two routes keep you legal: a genuine skill element that filters a meaningful share of entrants, or a free entry route promoted no less prominently than the paid one. "No purchase necessary" has to be real.

For the specifics, the ASA covers independent judges and observers and prize draws on social media; the Gambling Commission explains when a paid competition tips into a lottery; and Instagram's promotion guidelines set out the platform side. None of this is legal advice — it is the lay of the land.

How Verified Draws does it in practice

Steps 2 through 4 are exactly what a provably-fair tool mechanises. Verified Draws takes your frozen entry list, commits it, and binds it to a specific future drand round. That round comes from the League of Entropy, an independent coalition that jointly produces the random value, so no one running the draw — including us — holds the seed. Once the round publishes, the tool reveals the result and emits a shareable link anyone can recompute. The winner is a deterministic function of public inputs, which means it is verifiable and it satisfies the ASA's "verifiably random computer process" route, with no independent observer required.

If you run giveaways and you are tired of arguing with the word "rigged," the fix is to stop asking your audience to trust you and start handing them the means to check. You can run a draw on Verified Draws and share the commitment and the round so anyone can reproduce the winner, or verify a draw you already have in hand — pull the same random value, re-run the maths, and watch it land on the same name. It is free, and there is nothing to install.